This repository was archived by the owner on Dec 5, 2025. It is now read-only.
[client] Introduce api protocol helper for listening connectors (#850) #851
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
+ Add support for multi env to fix queue protocol var name
richard-julien
added
filigran team
labo-flg
reviewed
Mar 5, 2025
Contributor
There was a problem hiding this comment.
Thank you for adding this feature
I've left some comments regarding the code.
Do you think we should extend the unit tests in tests/02-integration, as they currently only cover AMQP cases?
I'll be happy to answer your questions and address any remarks.
| @@ -41,7 +45,7 @@ def start_loop(loop): | |||
|
|
|||
|
|
|||
| def get_config_variable( | |||
Contributor
There was a problem hiding this comment.
I understand this "OR like" behavior is introduced for the "QUEUE_PROTOCOL" backwards compatibility even though we now recommend "CONNECTOR_QUEUE_PROTOCOL" (addition in line 931).
1/ As the get_config_variable is used in many other place, do not you think we could avoid this change in the get_config_var method and only use the OR behavior for this specific variable loading process
2/ Should we add a deprecation warning ?
self.queue_protocol = get_config_variable(
env_var="CONNECTOR_QUEUE_PROTOCOL",
yaml_path=["connector", "queue_protocol"],
config=config,
)
if not self.queue_protocol: # for backwards compatibility
self.queue_protocol = get_config_variable(
env_var="QUEUE_PROTOCOL",
yaml_path=None,
config=config,
)
if self.queue_protocol:
raise DeprecationWarning("QUEUE_PROTOCOL is deprecated, please use CONNECTOR_QUEUE_PROTOCOL instead.")
if not self.queue_protocol:
self.queue_protocol = "amqp"
Comment on lines
432
to
438
| try: | ||
| authorization: str = request.headers.get("Authorization") | ||
| scheme, token = authorization.split() | ||
| if scheme.lower() != "bearer" or token != self.opencti_token: | ||
| return {"error": "Invalid credentials"} | ||
| except Exception: | ||
| return {"error": "Invalid credentials"} |
Contributor
There was a problem hiding this comment.
I think we can remove the try-except clause by
- adding value check to avoid :
"authorization.split() => Attribute error NoneType as no attribute 'split'" in case no "Authorization" key in headers dict
or "scheme, token => ValueError not enough/to many values to unpack " in case Authorization is empty or badly formatted string.
Suggested change
| try: | |
| authorization: str = request.headers.get("Authorization") | |
| scheme, token = authorization.split() | |
| if scheme.lower() != "bearer" or token != self.opencti_token: | |
| return {"error": "Invalid credentials"} | |
| except Exception: | |
| return {"error": "Invalid credentials"} | |
| authorization: str = request.headers.get("Authorization", "") # empty string default value for typing | |
| items = authorization.split() if isinstance(authorization, str) else [] | |
| if len(items) != 2 or items[0].lower() != "bearer" or items[1] != self.opencti_token: | |
| return {"error": "Invalid credentials"} | |
Comment on lines
440
to
443
| try: | ||
| data = await request.json() # Get the JSON payload | ||
| except Exception as e: | ||
| return {"error": "Invalid JSON payload", "details": str(e)} |
Contributor
There was a problem hiding this comment.
Suggested change
| try: | |
| data = await request.json() # Get the JSON payload | |
| except Exception as e: | |
| return {"error": "Invalid JSON payload", "details": str(e)} | |
| try: | |
| data = await request.json() # Get the JSON payload | |
| except json.JSONDecodeError as e: | |
| return {"error": "Invalid JSON payload", "details": str(e)} |
| "Failing reporting the processing" | ||
| ) | ||
|
|
||
| async def _process_callback(self, request: Request): |
Contributor
There was a problem hiding this comment.
I would recommend to use JSONResponse with HTTP code rather than dictionnary for easier future debugging
from fastapi.responses import JSONResponse
...
async def _process_callback(self, request: Request) -> JSONResponse:
# 01. Check the authentication
...
return JSONResponse(status_code=401, content={"error": "Invalid credentials"})
...
# 02. Parse the data and execute
return JSONResponse(status_code=400, content={"error": "Invalid JSON payload", "details": str(e)})
...
return JSONResponse(status_code=500, content={"error": "Error processing message", "details": str(e)})
...
# all good
return JSONResponse(status_code=202, content={"message": "Message successfully processed"})
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See #850
Related to OpenCTI-Platform/opencti#10046